This topic describes how to configure end-to-end HTTPS encryption for Application Load Balancer (ALB).
Data security is important for enterprises that host a large percentage of workloads on the cloud, especially for enterprises in public service sectors and financial industries. To ensure high security, enterprises require data transfers to be encrypted from one end to the other. If a load balancing service is used, both frontend connections (connections between clients and the load balancing service) and backend connections (connections between the load balancing service and backend servers) must be encrypted.
ALB supports end-to-end HTTPS encryption for data transfers. HTTPS can encrypt data transfers between clients and ALB, and between ALB and backend servers to improve the security of sensitive data.
Configure end-to-end HTTPS encryption
- Log on to the ALB console.
In the top navigation bar, select the region where the ALB instance is deployed.
In the left-side navigation pane, choose.
On the Server Groups page, click Create Server Group. The following table describes some of the parameters. Other parameters use the default values. After you set the parameters, click Create.
Server Group Type
Select the type of server group that you want to create. In this example, Server is selected.
Server Group Name
Enter a name for the server group.
VPC Resource Group
Select a resource group for the virtual private cloud (VPC).
Select a VPC from the drop-down list. In this example, the VPC where the ALB instance is deployed is selected.
Backend Server Protocol
Select a backend protocol. In this example, HTTPS is selected.
Select a scheduling algorithm. In this example, the default value Weighted Round-robin is used.
Select a resource group for the server group.
Select whether to enable IPv6 for the VPC. IPv6 is disabled by default. If you disable IPv6, you can add only IPv4 backend servers to the server group. If you enable IPv6, you can add both IPv6 and IPv4 backend servers to the server group.
Select whether to enable session persistence, which is disabled by default. If you disable session persistence, ALB distributes requests to different backend servers. If you enable session persistence, ALB distributes requests that are from the same client to the same backend server. In this example, session persistence is disabled, which is the default setting.
Select whether to enable persistent connections. If persistent connections are enabled, ALB maintains a certain number of connections to backend servers. Requests are preferentially distributed to idle TCP persistent connections to reduce the number of TCP handshakes. This reduces the loads on backend servers.
Health Check Settings
Specify whether to enable health checks. In this example, health checks are enabled, which is the default setting.
In this example, the default advanced settings are used. For more information, see Create and manage server groups.
On the Server Groups page, find the server group that you want to manage and click Modify Backend Server in the Actions column.
On the Backend Servers tab, click Add Backend Server.
In the Add Backend Server panel, specify the type of backend server, select the backend server that you want to add, and then click Next.
Set the port to 443, use the default weight, and then click OK.
For more information about how to create HTTPS listeners, see Add an HTTPS listener.Note
On the Select Server Group wizard page, select the server group that you created.